
Commit aba0304

author
Falk Schykowski
committed
Add missing parts for role assumption policy
1 parent 24df241 commit aba0304


2 files changed

+13
-3
lines changed


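--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -289,6 +289,15 @@ data "aws_iam_policy_document" "node_assume_role" {
 type = "Service"
 identifiers = ["ec2.${local.dns_suffix}"]
 }
+
+dynamic "condition" {
+for_each = var.iam_role_conditions
+content {
+test = condition.value.test
+variable = condition.value.variable
+values = condition.value.values
+}
+}
 }
 }
 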
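Review bot: The new `dynamic "condition"` block attaches every entry of `var.iam_role_conditions` to the trust statement whose principal is `ec2.${local.dns_suffix}`, yet neither this block nor the variable's description ("Additional conditions of the IAM role assume policy") says which role's trust policy is affected. That matters because a condition written for a different principal, for example one keyed on a value the EC2 service does not supply, makes a `StringEquals`-style test fail, so instances could no longer assume the node role; if the same variable also feeds another assume-role document elsewhere in the module (not visible in this hunk), one list cannot suit both. I would add a comment above the block, `# Conditions apply to the EC2 service principal; a key absent from its request context makes the statement not match`, and name the node role in the variable description. The enclosing `statement` and data source open above the hunk, so the action list could not be checked.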

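--- a/modules/karpenter/variables.tf
+++ b/modules/karpenter/variables.tf
@@ -65,10 +65,11 @@ variable "iam_role_permissions_boundary_arn" {
 variable "iam_role_conditions" {
 description = "Additional conditions of the IAM role assume policy"
 type = list(object({
-test = string
-variable = string
-values = list(string)
+test = string
+variable = string
+values = list(string)
 }))
+default = []
 }
 
 variable "iam_role_tags" {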
